Description
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never enforced in readRequestBody(). A remote unauthenticated attacker can crash any mcp-framework HTTP server by sending a single large POST request to /mcp, causing memory exhaustion and denial of service. This issue has been fixed in version 0.2.22.
Published: 2026-04-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the readRequestBody() function of mcp-framework's HTTP transport, where request body chunks are concatenated into a string with no enforced size limit. The framework exposes a maxMessageSize configuration value, but readRequestBody() never consults it, so setting it does not bound the read. An unauthenticated attacker can therefore send an excessively large POST payload to the /mcp endpoint and make the server consume a growing amount of memory until it crashes. The flaw results in a Denial of Service (DoS) condition that prevents legitimate clients from accessing the service.

Affected Systems

The affected product is QuantGeekDev’s mcp-framework, specifically versions 0.2.21 and older. Any deployment of an MCP server built with these releases that exposes the HTTP transport is at risk. The defect was addressed in version 0.2.22.

Risk and Exploitability

The vulnerability carries a CVSS v4.0 base score of 8.7 (High) and is not listed in the CISA KEV catalog; the SSVC record notes proof-of-concept exploitation but no evidence of exploitation in the wild, and the EPSS estimate is below 1%. The attack itself is trivial: a single, unauthenticated HTTP POST request to /mcp with a very large body. Because neither authentication nor a size check stands in the way, exploitation requires only network reachability of the HTTP transport, making it highly feasible for remote attackers.

Generated by OpenCVE AI on April 17, 2026 at 02:26 UTC.

Remediation

A vendor fix is available: upgrade to mcp-framework 0.2.22 or later (GitHub advisory GHSA-353c-v8x9-v7c3). There is no in-framework workaround for affected versions, because the maxMessageSize setting is not enforced by readRequestBody() there.

OpenCVE Recommended Actions

  • Update the mcp-framework package to version 0.2.22 or newer to apply the official fix. Do not rely on setting maxMessageSize on an affected version; the vulnerable code path never reads it.
  • Until the upgrade is deployed, enforce a maximum POST body size in an upstream proxy or firewall (e.g., Nginx client_max_body_size or Apache LimitRequestBody). This only helps if the proxy is the sole route to the server; a directly reachable HTTP transport remains exploitable.
  • Set up monitoring and alerting for unusually large HTTP POST requests to /mcp, repeated 413 responses from the proxy, or rapid memory growth on the server process, to detect and respond to attempted denial-of-service attacks.

Advisories
Source: GitHub GHSA
ID: GHSA-353c-v8x9-v7c3
Title: MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
History

Fri, 17 Apr 2026 19:15:00 +0000

  • Metrics (values added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 08:15:00 +0000

  • First Time appeared (values added): Quantgeekdev; Quantgeekdev mcp-framework
  • Vendors & Products (values added): Quantgeekdev; Quantgeekdev mcp-framework

Thu, 16 Apr 2026 21:30:00 +0000

  • Description (values added): mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never enforced in readRequestBody(). A remote unauthenticated attacker can crash any mcp-framework HTTP server by sending a single large POST request to /mcp, causing memory exhaustion and denial of service. This issue has been fixed in version 0.2.22.
  • Title (values added): MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
  • Weaknesses (values added): CWE-770
  • References (values added)
  • Metrics (values added): cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Updated: 2026-04-17T18:46:07.726Z

Reserved: 2026-04-06T19:31:07.265Z

Link: CVE-2026-39313

Vulnrichment

Updated: 2026-04-17T18:46:03.911Z

NVD

Status : Awaiting Analysis

Published: 2026-04-16T22:16:38.073

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-39313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T08:01:26Z

Weaknesses